  1. XWiki Platform
  2. XWIKI-9063

Weblogic cookie handling issue prevents login

Details

    • Bug
    • Resolution: Won't Fix
    • Major
    • None
    • 3.1
    • Authentication, Old Core
    • Weblogic Server 10.3, Oracle DB 10.2.0.2
    • weblogic, cookie, login
    • Unknown
    • N/A
    • N/A

    Description

      After configuring and deploying the XWiki 3.1 WAR to Weblogic 10.3, then importing the standard xwiki-enterprise-wiki-3.1.xar, I was not able to log in as Admin/admin.

      After reviewing log files I noticed:
      WARN u.i.x.MyPersistentLoginManager - Login cookie validation hash mismatch! Cookies have been tampered

      After investigating the code in this class, and reviewing the cookie header handling differences between my Weblogic deployment and the standalone installer version, I noticed that Weblogic is apparently including the double-quotes in the cookie string in the returned value to getCookieValue(). This then always causes the getValidationHash() to fail since the username/password contain quotes.

      I was able to work around this issue for now by creating a servlet filter on the action servlet and stripping any quotes from cookie values (probably not the best long term solution).

            People

              surli Simon Urli
              zhodges Zach Hodges
              Votes: 0
              Watchers: 2

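
The failure mode in the description, as an added example that is neither XWiki's code nor the reporter's filter: a stand-in validation hash rejects cookie values that arrive still wrapped in double quotes and accepts them once exactly one enclosing pair is removed, which is narrower than stripping every quote. Assumptions: HMAC-SHA256 with a constructed key replaces XWiki's getValidationHash(), whose implementation is not shown on this page, and the class name, helper names and cookie values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class QuotedCookieDemo {
    // Constructed key standing in for the server-side validation secret.
    static final byte[] KEY = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);

    // Stand-in validation hash (assumption): HMAC-SHA256 over both cookie values.
    static byte[] validationHash(String user, String pass) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        mac.update(user.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0); // separator, so ("ab","c") and ("a","bc") differ
        return mac.doFinal(pass.getBytes(StandardCharsets.UTF_8));
    }

    // Remove exactly one enclosing pair of double quotes, the quoted form
    // RFC 6265 allows for cookie-value. Interior or unbalanced quotes are kept,
    // so a value that is malformed in any other way still fails validation.
    static String unquote(String v) {
        if (v != null && v.length() >= 2
                && v.charAt(0) == '"' && v.charAt(v.length() - 1) == '"') {
            return v.substring(1, v.length() - 1);
        }
        return v;
    }

    // Constant-time comparison of the recomputed hash with the issued one.
    static boolean valid(String user, String pass, byte[] issued) throws Exception {
        return MessageDigest.isEqual(validationHash(user, pass), issued);
    }

    public static void main(String[] args) throws Exception {
        // Constructed cookie values; the hash is computed when the cookies are set.
        String user = "dXNlcg", pass = "cGFzcw";
        byte[] issued = validationHash(user, pass);

        // Values handed back still wrapped in quotes, as the report describes.
        String qUser = "\"" + user + "\"", qPass = "\"" + pass + "\"";
        System.out.println("quoted, as received: " + valid(qUser, qPass, issued));
        System.out.println("one pair removed:    " + valid(unquote(qUser), unquote(qPass), issued));
        // A value with an interior quote is not repaired by unquote().
        System.out.println("interior quote kept: " + valid(unquote("dXN\"lcg"), pass, issued));
    }
}
```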